EU Data Protection Reform, Major Step Towards a Digital Single Market

Europe has been managed by a separate set of data protection regulations [1] adopted in 1995, hampering the proper protection of personal data. This was an issue for individuals, most of whom (over 90% [2]) wished for the application of the same data protection rights across Europe. On the other hand, it also presented a challenge for many companies in developing their businesses.

To address this issue, on December 15th, 2015, the European Parliament and the European Council reached an agreement to establish cross-border regulations in Europe in terms of data protection, creating new business opportunities and driving innovation in a single digital market.

The European Commission’s press release on the Agreement on the Commission’s EU data protection reform states that this reform consists of two instruments [4]:

The General Data Protection Regulation, which gives the European public more control over the protection of their personal data.

The Data Protection Directive, for the police and criminal justice sector, to ensure the proper protection of data regarding victims and suspects in the context of a criminal investigation and harmonize laws to facilitate cross-border cooperation.

Right to be “forgotten” when you do not want your data to be processed any longer

Right to know when data has been hacked

Regarding companies, standardized and unified European standards on data protection will bring new business opportunities, with a clear benefit for the European Union.

“Today’s agreement is a major step towards a Digital Single Market. It will remove barriers and unlock opportunities. […] With solid common standards for data protection, people can be sure they are in control of their personal information. […] Today’s agreement builds a strong basis to help Europe develop innovative digital services. Our next step is now to remove unjustified barriers which limit cross-border data flow: local practice and sometimes national law, limiting storage and processing of certain data outside national territory [3]“

Foreign companies (headquartered outside of Europe) will have to apply the same rules as European companies when they offer services in the EU

The Data Protection Reform will have a major impact on pharmaceutical and medical device companies, which not only deal with personal data of physicians and other stakeholders, but also, increasingly, with patient data, which represents a higher risk and is more sensitive.

Patient associations have an increasing influence on the processes of drug prescription, as well as on the selection of some medical devices. These interactions between the healthcare industry and patients render the proper management of data protection vital.